Am 2016-03-22 00:30, schrieb Michael Tremer: > Hi, > > On Fri, 2016-03-18 at 07:36 +0100, Marcel Lorenz wrote: >> This patch updates git to the last version and fixes >> a buffer overflow in all git versions before 2.7.1 >>   >> http://seclists.org/oss-sec/2016/q1/645 >> >> Signed-off-by: Marcel Lorenz >> >> --- >>  config/rootfiles/packages/git | 22 +++++++++++++--------- >>  lfs/git                       |  9 ++++----- >>  2 files changed, 17 insertions(+), 14 deletions(-) >> >> diff --git a/config/rootfiles/packages/git >> b/config/rootfiles/packages/git >> index e168483..9988877 100644 >> --- a/config/rootfiles/packages/git >> +++ b/config/rootfiles/packages/git >> @@ -6,10 +6,10 @@ usr/bin/git-upload-archive >>  usr/bin/git-upload-pack >>  #usr/bin/gitk >>  usr/lib/perl5/site_perl/5.12.3/Error.pm >> -usr/lib/perl5/site_perl/5.12.3/Git >> +#usr/lib/perl5/site_perl/5.12.3/Git >>  usr/lib/perl5/site_perl/5.12.3/Git.pm >>  usr/lib/perl5/site_perl/5.12.3/Git/I18N.pm >> -#usr/lib/perl5/site_perl/5.12.3/Git/IndexInfo.pm >> +usr/lib/perl5/site_perl/5.12.3/Git/IndexInfo.pm >>  #usr/lib/perl5/site_perl/5.12.3/Git/SVN >>  #usr/lib/perl5/site_perl/5.12.3/Git/SVN.pm >>  #usr/lib/perl5/site_perl/5.12.3/Git/SVN/Editor.pm >> @@ -24,8 +24,8 @@ usr/lib/perl5/site_perl/5.12.3/Git/I18N.pm >>  #usr/lib/perl5/site_perl/5.12.3/Git/SVN/Utils.pm >>  #usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/auto/Git >>  #usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/auto/Git/.packlist >> -usr/libexec/git-core >> -usr/libexec/git-core/git >> +#usr/libexec/git-core >> +#usr/libexec/git-core/git >>  usr/libexec/git-core/git-add >>  usr/libexec/git-core/git-add--interactive >>  usr/libexec/git-core/git-am >> @@ -172,6 +172,7 @@ usr/libexec/git-core/git-stash >>  usr/libexec/git-core/git-status >>  usr/libexec/git-core/git-stripspace >>  usr/libexec/git-core/git-submodule >> +usr/libexec/git-core/git-submodule--helper >>  usr/libexec/git-core/git-svn >>  usr/libexec/git-core/git-symbolic-ref >>  usr/libexec/git-core/git-tag >> @@ -188,8 +189,9 @@ usr/libexec/git-core/git-verify-pack >>  usr/libexec/git-core/git-verify-tag >>  usr/libexec/git-core/git-web--browse >>  usr/libexec/git-core/git-whatchanged >> +usr/libexec/git-core/git-worktree >>  usr/libexec/git-core/git-write-tree >> -usr/libexec/git-core/mergetools >> +#usr/libexec/git-core/mergetools >>  usr/libexec/git-core/mergetools/araxis >>  usr/libexec/git-core/mergetools/bc >>  usr/libexec/git-core/mergetools/bc3 >> @@ -212,12 +214,13 @@ usr/libexec/git-core/mergetools/tortoisemerge >>  usr/libexec/git-core/mergetools/vimdiff >>  usr/libexec/git-core/mergetools/vimdiff2 >>  usr/libexec/git-core/mergetools/vimdiff3 >> +usr/libexec/git-core/mergetools/winmerge >>  usr/libexec/git-core/mergetools/xxdiff >> -usr/share/git-core >> -usr/share/git-core/templates >> +#usr/share/git-core >> +#usr/share/git-core/templates >>  usr/share/git-core/templates/branches >>  usr/share/git-core/templates/description >> -usr/share/git-core/templates/hooks >> +#usr/share/git-core/templates/hooks >>  usr/share/git-core/templates/hooks/applypatch-msg.sample >>  usr/share/git-core/templates/hooks/commit-msg.sample >>  usr/share/git-core/templates/hooks/post-update.sample >> @@ -227,7 +230,7 @@ usr/share/git-core/templates/hooks/pre-push.sample >>  usr/share/git-core/templates/hooks/pre-rebase.sample >>  usr/share/git-core/templates/hooks/prepare-commit-msg.sample >>  usr/share/git-core/templates/hooks/update.sample >> -usr/share/git-core/templates/info >> +#usr/share/git-core/templates/info >>  usr/share/git-core/templates/info/exclude >>  #usr/share/git-gui >>  #usr/share/git-gui/lib >> @@ -315,6 +318,7 @@ usr/share/git-core/templates/info/exclude >>  #usr/share/locale/fr/LC_MESSAGES/git.mo >>  #usr/share/locale/is/LC_MESSAGES/git.mo >>  #usr/share/locale/it/LC_MESSAGES/git.mo >> +#usr/share/locale/ko/LC_MESSAGES/git.mo >>  #usr/share/locale/pt_PT/LC_MESSAGES/git.mo >>  #usr/share/locale/ru/LC_MESSAGES/git.mo >>  #usr/share/locale/sv/LC_MESSAGES/git.mo >> diff --git a/lfs/git b/lfs/git >> index bbec140..a3f6636 100644 >> --- a/lfs/git >> +++ b/lfs/git >> @@ -24,7 +24,7 @@ >>   >>  include Config >>   >> -VER        = 2.4.4 >> +VER        = 2.7.1 >>   >>  THISAPP    = git-$(VER) >>  DL_FILE    = $(THISAPP).tar.xz >> @@ -34,7 +34,7 @@ TARGET     = $(DIR_INFO)/$(THISAPP) >>  PROG       = git >>  PAK_VER    = 12 >>   >> -DEPS       = "perl-Authen-SASL perl-MIME-Base64 perl-Net-SMTP-SSL" >> +DEPS       = "perl" > > Why did you change this? There is no such add-on as "perl". The other > ones > however are requirements that must be installed. >   Oh soory, not seen, i make an new patch with all deps. >>  ############################################################################# >> ## >>  # Top-level Rules >> @@ -44,7 +44,7 @@ objects = $(DL_FILE) >>   >>  $(DL_FILE) = $(DL_FROM)/$(DL_FILE) >>   >> -$(DL_FILE)_MD5 = 847787cd0616d38b0e429ea85f558c31 >> +$(DL_FILE)_MD5 = eece7b1e87983271621a0cb6aab37a25 >>   >>  install : $(TARGET) >>   >> @@ -78,13 +78,12 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) >>   @$(PREBUILD) >>   @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE) >>   cd $(DIR_APP) && ./configure \ >> + --with-gitconfig=/etc/gitconfig \ > > Why is this necessary? It is a default from Linux from scratch website. http://www.linuxfromscratch.org/blfs/view/svn/general/git.html This sets /etc/gitconfig as the file that stores the default, system wide, Git settings > >>   --prefix=/usr \ >>   --with-libpcre \ >>   --with-curl \ >>   --with-expat >> - >>   cd $(DIR_APP) && make $(MAKETUNING) >>   cd $(DIR_APP) && make install >> - >>   @rm -rf $(DIR_APP) >>   @$(POSTBUILD) > > No need to remove empty lines that just improve readability. > Best, > -Michael